Stream: restrict the domain(s) in which video is allowed, not working

I have uploaded 2 video’s.
I have set “allowed origins” on both video’s.
On video 1 I have set a . domain . com
On video 2 I have set b . domain . com
On both subdomains I created an index.html with the same content, both video’s.
On a . domain . com I can watch both video’s.
On b . domain . com I can watch only one video, I only see a picture (first frame) of the other video. But on b . domain . com I can watch video 1, instead of the configured video 2…

When I remove the “allowed origins” settings, nothing changes…
Does anyone have an idea on what I’m doing wrong?

Sorry for the spaces in the url’s, I wasn’t allowed to use them otherwise…
Thanks!

2 Likes

Did anyone read this one above?

I have the same situation… whitelistening a domain doesn’t really prevent other domains from streaming the same embedded video.

Also with signing URL functionality, if you grab the token from dev. tools and you add: “watch.cloudflarestream.com/” in front of it, the video plays perfectly… which shouldn’t as cfstream.com it’s another domain than the one you whitelisted!!!

I’m not a Stream customer. However, the “allowed origins” setting(?) to which you refer sounds like an Access-Control-Allow-Origin http header. If that’s the case, read this:

as well as this:

and have a look at this particular, fairly common, CORS error:

along with most, if not all CORS errors:

and since I’m unsure of your production server, there’s this:

https://enable-cors.org/server.html

1 Like